Integer Overflow Vulnerability in Microsoft Office and Outlook Products
CVE-2008-4025

Currently unrated

Key Information:

Vendor: Microsoft
Status: Open Xml File Format Converter; Office; Office Word Viewer; Office Compatibility Pack For Word Excel Ppt 2007
Vendor: CVE Published:; 10 December 2008

What is CVE-2008-4025?

This vulnerability allows remote attackers to exploit an integer overflow in several versions of Microsoft Office and Outlook, particularly through RTF files or rich text emails. By triggering a heap-based buffer overflow, malicious actors can execute arbitrary code on the victim's machine, posing a significant security risk to users. The issue affects various versions of Microsoft Office Word, Outlook, and associated viewer and converter tools for both Windows and Mac platforms.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id?1021370

vdb-entryx_refsource_SECTRACK

EPSS Score

69% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2008
Vulnerability Reserved
Sep 10, 2008